On 28/10/13 19:27, Stephen Davidson wrote: > Virtually every CA relying party agreement (RPA) that I know > stipulates that a user must validate the SSL using CRL or OCSP in > order to place any reliance on the certificate. > > Removal of that capability from browsers renders those RPAs useless, > and effectively removes warranties from the SSL sector.
To illuminate the debate: are you able to quote a case study from the Web PKI where a relying party has successfully claimed on such a warranty? Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy